GDPR Good Practice Guide
It’s important that GDPR is seen as an opportunity for marketers. Good practice is key for the ICO. The commissioner wants you to be able to demonstrate that you have done your homework and have tried your best to comply with the new legislation. Here is a simple guide to help you along the way:
- Know your personal data
Before you undertake anything, you need to know what data you are working with.
Conduct a data audit. This is especially important if you store data in different CRMs (your sales teams could even use Excel spreadsheets, or worse) and if the state of your data is not the best it could be. You need to understand what data you have, where you got it from in the first place, what permission levels you have obtained (or not) from your data subjects, and how up-to-date your data is.
- Re-evaluate your data suppliers
This is not just about your data, it is also about the suppliers you choose to work with when it comes to personal data. Make sure they are reputable organisations that have done their homework around GDPR compliance.
- Do your homework
That might sound obvious but if you decide not to go down the consent route, make sure you have conducted a thorough Legitimate Interest Assessment (LIA) and have kept a record of the corresponding documentation. You’ll find a good template for the LIA here: https://www.dpnetwork.org.uk/dpn-legitimate-interests-guidance/
- Put yourself in your prospects’ shoes
Treat your prospects as you would want to be treated. Make sure you are honest and transparent with them when it comes to the use of their data, by who and to which purpose. Make sure it is easy for them to understand this by putting together clear and concise Privacy Notices. Demonstrate benefits or the value exchange to them. Make it easy for them to opt out from receiving further communications from your organisation and keep their data safe. If you haven’t been in touch for a while, check again that it is still ok to contact them.
- Respect their data
Ensure the personal data you hold is up-to-date and accurate, and that it is relevant to your business needs. If it is not relevant, scrap it! Use it lawfully. If you pass it on to third parties, make sure you inform data subjects by telling them who these third parties are and how they will make use of their data. Do not gather more data than is necessary. If you are using personal data for profiling purposes, make sure it is anonymised.
- Stick to your words
Make sure you do not use personal data for any other purpose than that mentioned in your Privacy Notices. If you commit to amend or remove personal details from your database within a specific timeframe, do so! Your organisation’s reputation is at stake here.
- Review your T&Cs
If you pass on your data to third parties, make sure they know how they should be using that data.
- Be accountable
Nominate some personal data champions who are accountable for your personal data and the way it is being used and processed. Ensure you can demonstrate you have taken GDPR seriously and have done as much as you could to comply. Provide training to your staff so they understand why it is important to comply with GDPR and apply best practice when handling personal data, and what the potential implications of not doing so are.
- Keep on top of things
Ensure you process all GDPR requests as soon as feasibly possible and communicate opt-outs or consent refusals to third parties. Ensure you keep records of opt-out requests, removal requests and consent date stamps, and have the processes in place to ensure these data subjects are not contacted again.
Good practice can be an opportunity for your business. Remember that quantity doesn’t always mean quality. Better to have fewer prospects who you know want to hear from you (higher conversion rate for your sales teams) and are more inclined to give out information about themselves, so you can personalise your marketing messages based on their needs and interests. As a result, you should see ROI and your marketing campaigns performance improve with better targeted campaigns. By treating personal data with respect, you can also gain your prospects’ trust and improve your business reputation. That can in turn attract more customers. So, roll your sleeves up and go for it! You’ve got nothing to lose and all to gain.